CVE-2017-1000256 (retired)

Priority
Description
libvirt version 2.3.0 and later is vulnerable to a bad default
configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a
failure to validate SSL/TLS certificates by default.
Assigned-to
mdeslaur
Package
Upstream:released (3.8.0-3)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.0.0-1ubuntu2)
Patches:
Introduced by ce61c16450d4992612d1fc6f39a39e79bfccead5Fixed by 441d3eb6d1be940a67ce45a286602a967601b157
Upstream:https://libvirt.org/git/?p=libvirt.git;a=commit;h=441d3eb6d1be940a67ce45a286602a967601b157
More Information

Updated: 2019-08-23 09:12:45 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)